The rapid technological development experienced in recent years, the diffusion of low-cost data communications tools, and the worldwide spread of data communications networks in general and of the Internet in particular have revolutionized traditional behaviors that were widely used before the onset of the information age.
Data communications networks are now used universally not only in the scientific field but also in everyday life by ordinary users to exchange data and carry out transactions of all kinds. The term “transaction” is used, in this text, to refer to one or more operations for the exchange of data between two or more users or stations connected to a data communications network, performed in order to carry out an activity as a whole. A transaction, therefore, identifies the series of operations required for a customer to purchase a product or service from a supplier, to request data related to a file and receive the file from a server, to perform a query in a home-banking service, and so forth.
One of the most important characteristics of data communications networks is the possibility to accept connections by a virtually infinite number of stations. The term “station” does not necessarily refer to a physical station but rather to a logical station, i.e., any entity that is capable of connecting to the data communications network, even from different locations, and is provided with an adequate IT tool, for example a personal computer, a handheld computer, a cellular telephone or any device provided with suitable interface ports and with the corresponding communications software, so long as it can be identified uniquely by the other side of the connection. In particular, the term “station” can indicate generically the user himself, who can work on the network from different physical stations, for example from different terminals, but always be identified by means of his own identification data, or can indicate equally the instrument used by the user, for example his credit card or smart card, which can be used in any reader independently of the physical or geographical station.
On the one hand, these characteristics of portability and high connectivity are among the strongest points of data communications networks; on the other hand, this universal accessibility to the network causes enormous problems as regards security in the transmission of data and in transactions. It is in fact possible to produce software programs that are capable of monitoring and capturing data in transit over the data communications network, and this circumstance allows ill-intentioned persons to use the eavesdropped information fraudulently, taking the place of the legitimate party in a transaction.
A typical and unfortunately well-known case is the eavesdropping of credit card identification data and the unauthorized use of the data thus obtained, in which the ill-intentioned person, by impersonating the owner of the credit card, can take substantial sums from the owner. However, this is only an example of the need to identify correctly the parties of a transaction who exchange data between two stations over a data communications network, a need which occurs in countless contexts of everyday life.
Therefore, it is not surprising that substantial efforts and resources have always been dedicated to improving the security of data communications transactions. The approaches that have been used are aimed substantially at making it difficult to understand the data in transit on the network, for example by means of increasingly advanced and complex techniques and algorithms for encoding and encrypting the data. Unfortunately, these techniques, despite being efficient, have not proved to be 100% secure, since it is possible for an ill-intentioned person to eavesdrop on the encrypted data and try to decipher their content by using adequate hardware/software tools.